On Fri, 28 Apr 2023 19:15:59 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> Fixes: [JDK-8294985](https://bugs.openjdk.org/browse/JDK-8294985) > > Kevin Driver has updated the pull request incrementally with one additional > commit since the last revision: > > Update > src/java.base/share/classes/sun/security/ssl/CertificateAuthoritiesExtension.java > > Co-authored-by: Daniel Jelinski <djelins...@gmail.com> There are two blocks called CertificateAuthoritiesSpec.getAuthorities(). Another call is in the CRCertificateAuthoritiesConsumer inner class. Did you check if both should be updated? Or Is it possible to update the getAuthorities() implementation directly? There are similar code in CertificateRequest. Did you have a chance to look at if it is impacted as well? Basically, the issue is caused by the X500Principal constructor with DER bytes. It may be good to check the call to the constructor and handle the IAE accordingly as well, for example in the CertificateAuthoritiesSpec.toString() method. ------------- Changes requested by xuelei (Reviewer). PR Review: https://git.openjdk.org/jdk/pull/13466#pullrequestreview-1407415460